RE: VPN - Any thoughts on this?

  • From: "Bryan Andrews" <bandrews@xxxxxxxxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Sun, 13 Oct 2002 08:24:59 -0400

Thanks Jim for the response. 

One more thing... Is there anyway to kick off logon scripts when users
connect via vpn so their network drives are mapped?

Thanks!

-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] 
Sent: Friday, October 11, 2002 11:15 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: VPN - Any thoughts on this?


http://www.ISAserver.org


Hi Bryan,
1. You're correct; unchecking "use default gateway" effectively bridges
the two networks via the VPN client.  This is an easy way to solve the
question of "hot to access the Internet while RRAS'd into the network,
but it's also the least secure. 2. Set the ISA proxy settings in the VPN
connectoid part of the users IE connection settings and install the FW
client on them.  That way, they'll use the ISA they dialed into.

 Jim Harrison
 MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/pages/author_index.asp?aut=3
 http://isatools.org
 Read the help / books / articles!

----- Original Message -----
From: "Bryan Andrews" <bandrews@xxxxxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Friday, October 11, 2002 9:02 AM
Subject: [isalist] RE: VPN - Any thoughts on this?


http://www.ISAserver.org


Anyone have any thoughts on this? Thanks!


 -----Original Message-----
From: Bryan Andrews
Sent: Wednesday, October 09, 2002 12:43 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] VPN

http://www.ISAserver.org


I've read the article about vpn by Thomas:
http://www.isaserver.org/pages/article.asp?id=232

And I have a couple of questions if anyone would like to respond:

1. I am operating under the assumption that if you choose to uncheck
'use the default gateway on the remote network' then you are putting
your remote network at risk as the remote user is then connected to the
internet at their isp and theoretically could expose your network. 2. I
don't really understand why you need to use a proxy for http if you are
'using the default gateway on the remote network'. Seems self
explanatory. 3. Lastly, how should users connect IM when they are
connected via vpn or use any other internet protocols?

I have never used proxy as all my clients have been secure nat. I'd like
the users to be able to work as they always do when connected.

Any thoughts on this are appreciated. Thanks.


 -----Original Message-----
From: Quillman Shawn (RBNA/CIT7) [mailto:Shawn.Quillman@xxxxxxxxxxxx]
Sent: Wednesday, October 09, 2002 12:27 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Changing log file location.

http://www.ISAserver.org



I'm assuming the new folder exists :)

Check the permissions on the new folder and the logs themselves (if you
copied them from the default log folder).  If ISA can't access them then
there would be issues.  If you did copy the logs into the new folder
have you tried starting the services without anything in the folder and
letting ISA create a new log file?

Also the logs must be on a local volume.  I think I remember you saying
that this is the case, but can't remember for sure.

I'll keep thinking, too.  These are fairly obvious suggestions.....

-Shawn

-----
Shawn R. Quillman
Robert Bosch Corporation RBNA/CIT7
38000 Hills Tech Drive
Farmington Hills, MI  48331
(248) 553-1164 (P)     (248) 848-2855 (F)
shawn.quillman@xxxxxxxxxxxx


-----Original Message-----
From: itmail@xxxxxxxxxx [mailto:itmail@xxxxxxxxxx]
Sent: Wednesday, October 09, 2002 11:24 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Changing log file location.


http://www.ISAserver.org


Yes, after changing log location I restarted service and they would not
come back till I set the log location back to default.

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/ Windows
Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT
Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
shawn.quillman@xxxxxxxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/ Windows
Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT
Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
bandrews@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')



------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/ Windows
Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT
Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
bandrews@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')



------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/ Windows
Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT
Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/ Windows
Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT
Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
bandrews@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')


Other related posts: